Your choice of installation environment can affect how you must configure authentication. This page describes some of the most common network configurations.
If you started your Spinnaker instance through one of the Quickstart images,
you have a system that routes all Gate traffic through Deck’s Apache instance. You can observe
that the network traffic from the browser contains
/gate at the beginning of each request path.
This is traffic destined for Gate, the API gateway.
Some users like to add a load balancer in front of this instance (to change ports or terminate SSL). When this happens, requests hop through two layers of proxies, which experience has shown causes many headaches when configuring authentication. We instead recommend having traffic go straight to Gate from the load balancer in this case
Server Terminated SSL
Terminating SSL within the Gate server is the de factor way to enable SSL for Spinnaker. This will work with or without a load balancer proxying traffic to this instance.
Load Balancer Terminated SSL
A common practice is to offload SSL-related bits to outside of the server in question. This is a fully supported option in Spinnaker, but it does affect the authentication configuration slightly. See your authentication method for specifics.
Choose an authentication method: